Overview Of Mobile Phone Security Exploits Computer Science Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Over the last decade, mobile device technology has become one of the most popular and widely used technologies in the world. As usage expanded, leading mobile technology vendors came under growing pressure to make devices more interactive and to introduce new features. In this race, typical handheld devices have turned into advanced computing stations that not only handle the earlier simple phone call and SMS procedures but can also capture and process information more efficiently than normal PCs and laptops. These devices are also portable and easy to carry, which has been another factor in their extensive use and popularity. But as mobile phones become more interactive and adopt intelligent, computer-like features, they also become more vulnerable to security threats such as malicious code. Major smartphone operating systems like Symbian OS, Windows CE.NET and Apple OS X for Apple iPhones are facing severe malware attacks. We now proceed with an overview of mobile phone security and the major threats or exploits it currently faces.

An overview of mobile device security

As discussed earlier, mobile device usage involves much more than simple communication mechanisms. Users need their mobile devices for storage of, access to and communication of sensitive information, which makes security a serious concern. As new features emerge in compact mobile devices over time, manufacturers and service providers are making every effort to ensure customer satisfaction with security.

Fortunately, the internet has already brought the security of information and communications to the fore, so internet security algorithms give us a sound approach to mobile device security features.

But some novel security issues still need to be discussed separately:

Mobile device networks are usually based on wireless communication mechanisms to support mobility. The physical signal of a mobile device is therefore easy for intruders and hackers to track, since numerous signal-processing tools are available that can be turned into a tracking device with a little knowledge and common sense. This aspect makes mobile device security significantly challenging.

In comparison to desktop computers, which operate in marginally secure physical environments with limitations, mobile devices can operate in distant areas because of the long-range availability of their networks. So there is always a chance of fall damage or complete destruction in hostile environments.

Moreover, mobile devices are easy targets for theft, loss and the like, so they need strong tracking mechanisms against these threats.

Cost, weight and power capabilities are the metrics that need to be worked on to ensure reasonable security of mobile devices.

Mobile device security structure and exploits

Now let's proceed with a top-to-bottom view of mobile security by dividing it into classes and subclasses. This approach gives a better understanding of security from both the user's and the designer's point of view.

Mobile device security can be exploited and attacked in two major ways:

Physical and side channel exploits

As mentioned earlier, mobile devices are more vulnerable to physical damage and attacks than desktop computers. Here is a list of physical and side-channel non-invasive exploits a mobile device can face:

Because of their compact design and mobility, mobile devices are more vulnerable to theft and loss than other electronic devices.

Mobile communication networks are easier to attack than wired computer networks. To understand mobile network attacks, consider the evolution of the telecommunication industry, which is mainly responsible for the convergence of services onto one platform. From the 1990s, internet protocol (IP) networks grew rapidly in popularity by offering fast and reliable broadband facilities to the enterprise and public sectors. Cheap voice and messaging services, in which analog signals were converted into IP format and transmitted over the internet, were the main reason for IP's popularity. This became a major drawback for the telecommunication industry and caused a significant decrease in revenues, so more efficient mobile platforms were needed to stop the deficit. As a result, telecommunication service providers adopted the approach of converging multiple services on one platform, merging services like mobile telephony, on-demand TV, video games, and capture and process services into one handset. It looked like a major and exciting development, but it gave birth to a new kind of attack, the denial-of-service attack, which can disrupt all services at once. Converging features made telecom service providers move their systems to IP-based technologies, and as a result they became easy targets for hackers. Moreover, the need to store customer information grew so rapidly that a need for regulation, management mechanisms and treaties arose later.

Mobile device tracking systems, which are used as protective mechanisms, can themselves be categorized as a threat to the device if they are used in reverse.

Mobile device design piracy has been a physical threat in earlier designs too.

Mobile network servers can be used by intruders to leak sensitive information, e.g. electronic mail records, voice call records etc.

Software exploits for mobile devices

Spyware can be loaded onto a phone. This, in turn, can activate the phone as a bugging device with full remote control available to an eavesdropper. Advanced spyware has a number of features, including voice-activated microphones to save on battery life and the ability to auto forward SMS messages and the contact list on a phone.

GSM encryption can be hacked. A number of attacks have been demonstrated and, in theory, given suitable resources, mobile phone encryption could be compromised. This is a passive attack and is undetectable as the signals are received using a specialised radio, which is both portable and easy to hide.

Cell phone "capture". This attack exploits a couple of design weaknesses found within GSM cell phones. The first is that, whilst a cell phone needs to authenticate itself to a network, the network itself is not authenticated by the cell phone. Couple this with the design requirement for cell phones to connect to the most local base station, based on signal strength, and a fake base station can be set up and all local call traffic captured. As mobile phone calls are only encrypted from the phone to the base station, a fake base station will be able to process calls "in the clear". This is called an active attack and, whilst it may appear complicated, a number of commercial products are available to authorised agencies and government departments. In early 2010, active attacks were demonstrated using hardware and software that can be purchased for around $1000, less than 1% of the cost of commercially available solutions. The widespread availability of home base stations, such as Vodafone SureSignal, has provided a source of equipment that could be adapted for this type of intercept. In reality this attack does have limitations. As the cell phone is using a fake base station it is not registered with the cell phone network, so any incoming calls will be diverted to voice mail or receive a "cell phone unavailable" message. More sophisticated versions of this attack provide two connections: one to the compromised phone and one to the network base station. Using this man-in-the-middle approach the cell phone is able to connect to the authentic network, albeit via a fake base station that will intercept the traffic, so "normal" two-way calls can be initiated whilst the call and data flow is being monitored. 3G phones utilise mutual authentication between the phone and the network, so aspects of these attacks will no longer be valid when networks are exclusively 3G and above. Until then the sharing of GSM and 3G systems in support of broader network coverage can still see 3G phones subject to compromise using this approach.
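The difference between GSM's one-way authentication and 3G's mutual authentication, and the effect of GSM fallback on a 3G phone, as an added Python model that is not part of the original essay. HMAC-SHA256 stands in for the real operator algorithms, and the class names, the key `K` and the `allow_2g_fallback` flag are constructed for illustration.

```python
import hashlib
import hmac
import os

K = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed subscriber key

def f(key: bytes, label: bytes, rand: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in (assumption) for the real operator algorithms.
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:8]

class BaseStation:  # key=None models a station that does not hold the subscriber key
    def __init__(self, key=None, offers_3g=True):
        self.key, self.offers_3g = key, offers_3g

    def challenge(self):
        rand = os.urandom(16)
        # Only a network that knows K can produce a valid network token.
        token = f(self.key, b"net", rand) if self.key else os.urandom(8)
        return rand, token

    def accepts(self, rand, sres):
        # A station without K cannot check the response; it just lets the phone on.
        return self.key is None or hmac.compare_digest(sres, f(self.key, b"sub", rand))

class Handset:
    def __init__(self, key, allow_2g_fallback=True):
        self.key, self.allow_2g_fallback = key, allow_2g_fallback

    def attach(self, bs):
        rand, token = bs.challenge()
        if bs.offers_3g:
            # 3G-style mutual authentication: verify the network before answering.
            if not hmac.compare_digest(token, f(self.key, b"net", rand)):
                return "rejected"
        elif not self.allow_2g_fallback:
            return "rejected"  # GSM-only station refused outright
        # On the GSM path the network token is never checked by the handset.
        mode = "3g" if bs.offers_3g else "gsm"
        return mode if bs.accepts(rand, f(self.key, b"sub", rand)) else "rejected"

def run_cases():
    phone, strict = Handset(K), Handset(K, allow_2g_fallback=False)
    return {
        "real_3g": phone.attach(BaseStation(K)),
        "real_gsm": phone.attach(BaseStation(K, offers_3g=False)),
        "keyless_3g": phone.attach(BaseStation(None)),
        "keyless_gsm": phone.attach(BaseStation(None, offers_3g=False)),
        "keyless_gsm_no_fallback": strict.attach(BaseStation(None, offers_3g=False)),
    }
```

The `keyless_gsm` case corresponds to the shared GSM/3G coverage situation described above; the handset that refuses GSM fallback rejects the same station.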

Inside threat. Threats to information security systems often emanate from inside an organisation. These can take the form of knowledgeable insiders being bribed or bullied into supplying relevant cell phone data and can even be an employee planted by a security agency. In June 2010, a technician who worked in a Lebanese mobile phone operator was arrested for being an Israeli spy and giving access to phone calls for 14 years. Because of the man's role on the technical side of the cell phone network's operations, it was assumed that the entire national network had been compromised.